Home | History | Annotate | Download | only in servicemanager
      1 /* Copyright 2008 The Android Open Source Project
      2  */
      3 
      4 #include <stdio.h>
      5 #include <stdlib.h>
      6 #include <errno.h>
      7 #include <unistd.h>
      8 #include <fcntl.h>
      9 #include <sys/mman.h>
     10 
     11 #include "binder.h"
     12 
     13 #define MAX_BIO_SIZE (1 << 30)
     14 
     15 #define TRACE 0
     16 
     17 #define LOG_TAG "Binder"
     18 #include <cutils/log.h>
     19 
     20 void bio_init_from_txn(struct binder_io *io, struct binder_txn *txn);
     21 
     22 #if TRACE
     23 void hexdump(void *_data, unsigned len)
     24 {
     25     unsigned char *data = _data;
     26     unsigned count;
     27 
     28     for (count = 0; count < len; count++) {
     29         if ((count & 15) == 0)
     30             fprintf(stderr,"%04x:", count);
     31         fprintf(stderr," %02x %c", *data,
     32                 (*data < 32) || (*data > 126) ? '.' : *data);
     33         data++;
     34         if ((count & 15) == 15)
     35             fprintf(stderr,"\n");
     36     }
     37     if ((count & 15) != 0)
     38         fprintf(stderr,"\n");
     39 }
     40 
     41 void binder_dump_txn(struct binder_txn *txn)
     42 {
     43     struct binder_object *obj;
     44     unsigned *offs = txn->offs;
     45     unsigned count = txn->offs_size / 4;
     46 
     47     fprintf(stderr,"  target %p  cookie %p  code %08x  flags %08x\n",
     48             txn->target, txn->cookie, txn->code, txn->flags);
     49     fprintf(stderr,"  pid %8d  uid %8d  data %8d  offs %8d\n",
     50             txn->sender_pid, txn->sender_euid, txn->data_size, txn->offs_size);
     51     hexdump(txn->data, txn->data_size);
     52     while (count--) {
     53         obj = (void*) (((char*) txn->data) + *offs++);
     54         fprintf(stderr,"  - type %08x  flags %08x  ptr %p  cookie %p\n",
     55                 obj->type, obj->flags, obj->pointer, obj->cookie);
     56     }
     57 }
     58 
     59 #define NAME(n) case n: return #n
     60 const char *cmd_name(uint32_t cmd)
     61 {
     62     switch(cmd) {
     63         NAME(BR_NOOP);
     64         NAME(BR_TRANSACTION_COMPLETE);
     65         NAME(BR_INCREFS);
     66         NAME(BR_ACQUIRE);
     67         NAME(BR_RELEASE);
     68         NAME(BR_DECREFS);
     69         NAME(BR_TRANSACTION);
     70         NAME(BR_REPLY);
     71         NAME(BR_FAILED_REPLY);
     72         NAME(BR_DEAD_REPLY);
     73         NAME(BR_DEAD_BINDER);
     74     default: return "???";
     75     }
     76 }
     77 #else
     78 #define hexdump(a,b) do{} while (0)
     79 #define binder_dump_txn(txn)  do{} while (0)
     80 #endif
     81 
     82 #define BIO_F_SHARED    0x01  /* needs to be buffer freed */
     83 #define BIO_F_OVERFLOW  0x02  /* ran out of space */
     84 #define BIO_F_IOERROR   0x04
     85 #define BIO_F_MALLOCED  0x08  /* needs to be free()'d */
     86 
     87 struct binder_state
     88 {
     89     int fd;
     90     void *mapped;
     91     unsigned mapsize;
     92 };
     93 
     94 struct binder_state *binder_open(unsigned mapsize)
     95 {
     96     struct binder_state *bs;
     97 
     98     bs = malloc(sizeof(*bs));
     99     if (!bs) {
    100         errno = ENOMEM;
    101         return 0;
    102     }
    103 
    104     bs->fd = open("/dev/binder", O_RDWR);
    105     if (bs->fd < 0) {
    106         fprintf(stderr,"binder: cannot open device (%s)\n",
    107                 strerror(errno));
    108         goto fail_open;
    109     }
    110 
    111     bs->mapsize = mapsize;
    112     bs->mapped = mmap(NULL, mapsize, PROT_READ, MAP_PRIVATE, bs->fd, 0);
    113     if (bs->mapped == MAP_FAILED) {
    114         fprintf(stderr,"binder: cannot map device (%s)\n",
    115                 strerror(errno));
    116         goto fail_map;
    117     }
    118 
    119         /* TODO: check version */
    120 
    121     return bs;
    122 
    123 fail_map:
    124     close(bs->fd);
    125 fail_open:
    126     free(bs);
    127     return 0;
    128 }
    129 
    130 void binder_close(struct binder_state *bs)
    131 {
    132     munmap(bs->mapped, bs->mapsize);
    133     close(bs->fd);
    134     free(bs);
    135 }
    136 
    137 int binder_become_context_manager(struct binder_state *bs)
    138 {
    139     return ioctl(bs->fd, BINDER_SET_CONTEXT_MGR, 0);
    140 }
    141 
    142 int binder_write(struct binder_state *bs, void *data, unsigned len)
    143 {
    144     struct binder_write_read bwr;
    145     int res;
    146     bwr.write_size = len;
    147     bwr.write_consumed = 0;
    148     bwr.write_buffer = (unsigned) data;
    149     bwr.read_size = 0;
    150     bwr.read_consumed = 0;
    151     bwr.read_buffer = 0;
    152     res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
    153     if (res < 0) {
    154         fprintf(stderr,"binder_write: ioctl failed (%s)\n",
    155                 strerror(errno));
    156     }
    157     return res;
    158 }
    159 
    160 void binder_send_reply(struct binder_state *bs,
    161                        struct binder_io *reply,
    162                        void *buffer_to_free,
    163                        int status)
    164 {
    165     struct {
    166         uint32_t cmd_free;
    167         void *buffer;
    168         uint32_t cmd_reply;
    169         struct binder_txn txn;
    170     } __attribute__((packed)) data;
    171 
    172     data.cmd_free = BC_FREE_BUFFER;
    173     data.buffer = buffer_to_free;
    174     data.cmd_reply = BC_REPLY;
    175     data.txn.target = 0;
    176     data.txn.cookie = 0;
    177     data.txn.code = 0;
    178     if (status) {
    179         data.txn.flags = TF_STATUS_CODE;
    180         data.txn.data_size = sizeof(int);
    181         data.txn.offs_size = 0;
    182         data.txn.data = &status;
    183         data.txn.offs = 0;
    184     } else {
    185         data.txn.flags = 0;
    186         data.txn.data_size = reply->data - reply->data0;
    187         data.txn.offs_size = ((char*) reply->offs) - ((char*) reply->offs0);
    188         data.txn.data = reply->data0;
    189         data.txn.offs = reply->offs0;
    190     }
    191     binder_write(bs, &data, sizeof(data));
    192 }
    193 
    194 int binder_parse(struct binder_state *bs, struct binder_io *bio,
    195                  uint32_t *ptr, uint32_t size, binder_handler func)
    196 {
    197     int r = 1;
    198     uint32_t *end = ptr + (size / 4);
    199 
    200     while (ptr < end) {
    201         uint32_t cmd = *ptr++;
    202 #if TRACE
    203         fprintf(stderr,"%s:\n", cmd_name(cmd));
    204 #endif
    205         switch(cmd) {
    206         case BR_NOOP:
    207             break;
    208         case BR_TRANSACTION_COMPLETE:
    209             break;
    210         case BR_INCREFS:
    211         case BR_ACQUIRE:
    212         case BR_RELEASE:
    213         case BR_DECREFS:
    214 #if TRACE
    215             fprintf(stderr,"  %08x %08x\n", ptr[0], ptr[1]);
    216 #endif
    217             ptr += 2;
    218             break;
    219         case BR_TRANSACTION: {
    220             struct binder_txn *txn = (void *) ptr;
    221             if ((end - ptr) * sizeof(uint32_t) < sizeof(struct binder_txn)) {
    222                 LOGE("parse: txn too small!\n");
    223                 return -1;
    224             }
    225             binder_dump_txn(txn);
    226             if (func) {
    227                 unsigned rdata[256/4];
    228                 struct binder_io msg;
    229                 struct binder_io reply;
    230                 int res;
    231 
    232                 bio_init(&reply, rdata, sizeof(rdata), 4);
    233                 bio_init_from_txn(&msg, txn);
    234                 res = func(bs, txn, &msg, &reply);
    235                 binder_send_reply(bs, &reply, txn->data, res);
    236             }
    237             ptr += sizeof(*txn) / sizeof(uint32_t);
    238             break;
    239         }
    240         case BR_REPLY: {
    241             struct binder_txn *txn = (void*) ptr;
    242             if ((end - ptr) * sizeof(uint32_t) < sizeof(struct binder_txn)) {
    243                 LOGE("parse: reply too small!\n");
    244                 return -1;
    245             }
    246             binder_dump_txn(txn);
    247             if (bio) {
    248                 bio_init_from_txn(bio, txn);
    249                 bio = 0;
    250             } else {
    251                     /* todo FREE BUFFER */
    252             }
    253             ptr += (sizeof(*txn) / sizeof(uint32_t));
    254             r = 0;
    255             break;
    256         }
    257         case BR_DEAD_BINDER: {
    258             struct binder_death *death = (void*) *ptr++;
    259             death->func(bs, death->ptr);
    260             break;
    261         }
    262         case BR_FAILED_REPLY:
    263             r = -1;
    264             break;
    265         case BR_DEAD_REPLY:
    266             r = -1;
    267             break;
    268         default:
    269             LOGE("parse: OOPS %d\n", cmd);
    270             return -1;
    271         }
    272     }
    273 
    274     return r;
    275 }
    276 
    277 void binder_acquire(struct binder_state *bs, void *ptr)
    278 {
    279     uint32_t cmd[2];
    280     cmd[0] = BC_ACQUIRE;
    281     cmd[1] = (uint32_t) ptr;
    282     binder_write(bs, cmd, sizeof(cmd));
    283 }
    284 
    285 void binder_release(struct binder_state *bs, void *ptr)
    286 {
    287     uint32_t cmd[2];
    288     cmd[0] = BC_RELEASE;
    289     cmd[1] = (uint32_t) ptr;
    290     binder_write(bs, cmd, sizeof(cmd));
    291 }
    292 
    293 void binder_link_to_death(struct binder_state *bs, void *ptr, struct binder_death *death)
    294 {
    295     uint32_t cmd[3];
    296     cmd[0] = BC_REQUEST_DEATH_NOTIFICATION;
    297     cmd[1] = (uint32_t) ptr;
    298     cmd[2] = (uint32_t) death;
    299     binder_write(bs, cmd, sizeof(cmd));
    300 }
    301 
    302 
    303 int binder_call(struct binder_state *bs,
    304                 struct binder_io *msg, struct binder_io *reply,
    305                 void *target, uint32_t code)
    306 {
    307     int res;
    308     struct binder_write_read bwr;
    309     struct {
    310         uint32_t cmd;
    311         struct binder_txn txn;
    312     } writebuf;
    313     unsigned readbuf[32];
    314 
    315     if (msg->flags & BIO_F_OVERFLOW) {
    316         fprintf(stderr,"binder: txn buffer overflow\n");
    317         goto fail;
    318     }
    319 
    320     writebuf.cmd = BC_TRANSACTION;
    321     writebuf.txn.target = target;
    322     writebuf.txn.code = code;
    323     writebuf.txn.flags = 0;
    324     writebuf.txn.data_size = msg->data - msg->data0;
    325     writebuf.txn.offs_size = ((char*) msg->offs) - ((char*) msg->offs0);
    326     writebuf.txn.data = msg->data0;
    327     writebuf.txn.offs = msg->offs0;
    328 
    329     bwr.write_size = sizeof(writebuf);
    330     bwr.write_consumed = 0;
    331     bwr.write_buffer = (unsigned) &writebuf;
    332 
    333     hexdump(msg->data0, msg->data - msg->data0);
    334     for (;;) {
    335         bwr.read_size = sizeof(readbuf);
    336         bwr.read_consumed = 0;
    337         bwr.read_buffer = (unsigned) readbuf;
    338 
    339         res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
    340 
    341         if (res < 0) {
    342             fprintf(stderr,"binder: ioctl failed (%s)\n", strerror(errno));
    343             goto fail;
    344         }
    345 
    346         res = binder_parse(bs, reply, readbuf, bwr.read_consumed, 0);
    347         if (res == 0) return 0;
    348         if (res < 0) goto fail;
    349     }
    350 
    351 fail:
    352     memset(reply, 0, sizeof(*reply));
    353     reply->flags |= BIO_F_IOERROR;
    354     return -1;
    355 }
    356 
    357 void binder_loop(struct binder_state *bs, binder_handler func)
    358 {
    359     int res;
    360     struct binder_write_read bwr;
    361     unsigned readbuf[32];
    362 
    363     bwr.write_size = 0;
    364     bwr.write_consumed = 0;
    365     bwr.write_buffer = 0;
    366 
    367     readbuf[0] = BC_ENTER_LOOPER;
    368     binder_write(bs, readbuf, sizeof(unsigned));
    369 
    370     for (;;) {
    371         bwr.read_size = sizeof(readbuf);
    372         bwr.read_consumed = 0;
    373         bwr.read_buffer = (unsigned) readbuf;
    374 
    375         res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
    376 
    377         if (res < 0) {
    378             LOGE("binder_loop: ioctl failed (%s)\n", strerror(errno));
    379             break;
    380         }
    381 
    382         res = binder_parse(bs, 0, readbuf, bwr.read_consumed, func);
    383         if (res == 0) {
    384             LOGE("binder_loop: unexpected reply?!\n");
    385             break;
    386         }
    387         if (res < 0) {
    388             LOGE("binder_loop: io error %d %s\n", res, strerror(errno));
    389             break;
    390         }
    391     }
    392 }
    393 
    394 void bio_init_from_txn(struct binder_io *bio, struct binder_txn *txn)
    395 {
    396     bio->data = bio->data0 = txn->data;
    397     bio->offs = bio->offs0 = txn->offs;
    398     bio->data_avail = txn->data_size;
    399     bio->offs_avail = txn->offs_size / 4;
    400     bio->flags = BIO_F_SHARED;
    401 }
    402 
    403 void bio_init(struct binder_io *bio, void *data,
    404               uint32_t maxdata, uint32_t maxoffs)
    405 {
    406     uint32_t n = maxoffs * sizeof(uint32_t);
    407 
    408     if (n > maxdata) {
    409         bio->flags = BIO_F_OVERFLOW;
    410         bio->data_avail = 0;
    411         bio->offs_avail = 0;
    412         return;
    413     }
    414 
    415     bio->data = bio->data0 = data + n;
    416     bio->offs = bio->offs0 = data;
    417     bio->data_avail = maxdata - n;
    418     bio->offs_avail = maxoffs;
    419     bio->flags = 0;
    420 }
    421 
    422 static void *bio_alloc(struct binder_io *bio, uint32_t size)
    423 {
    424     size = (size + 3) & (~3);
    425     if (size > bio->data_avail) {
    426         bio->flags |= BIO_F_OVERFLOW;
    427         return 0;
    428     } else {
    429         void *ptr = bio->data;
    430         bio->data += size;
    431         bio->data_avail -= size;
    432         return ptr;
    433     }
    434 }
    435 
    436 void binder_done(struct binder_state *bs,
    437                  struct binder_io *msg,
    438                  struct binder_io *reply)
    439 {
    440     if (reply->flags & BIO_F_SHARED) {
    441         uint32_t cmd[2];
    442         cmd[0] = BC_FREE_BUFFER;
    443         cmd[1] = (uint32_t) reply->data0;
    444         binder_write(bs, cmd, sizeof(cmd));
    445         reply->flags = 0;
    446     }
    447 }
    448 
    449 static struct binder_object *bio_alloc_obj(struct binder_io *bio)
    450 {
    451     struct binder_object *obj;
    452 
    453     obj = bio_alloc(bio, sizeof(*obj));
    454 
    455     if (obj && bio->offs_avail) {
    456         bio->offs_avail--;
    457         *bio->offs++ = ((char*) obj) - ((char*) bio->data0);
    458         return obj;
    459     }
    460 
    461     bio->flags |= BIO_F_OVERFLOW;
    462     return 0;
    463 }
    464 
    465 void bio_put_uint32(struct binder_io *bio, uint32_t n)
    466 {
    467     uint32_t *ptr = bio_alloc(bio, sizeof(n));
    468     if (ptr)
    469         *ptr = n;
    470 }
    471 
    472 void bio_put_obj(struct binder_io *bio, void *ptr)
    473 {
    474     struct binder_object *obj;
    475 
    476     obj = bio_alloc_obj(bio);
    477     if (!obj)
    478         return;
    479 
    480     obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
    481     obj->type = BINDER_TYPE_BINDER;
    482     obj->pointer = ptr;
    483     obj->cookie = 0;
    484 }
    485 
    486 void bio_put_ref(struct binder_io *bio, void *ptr)
    487 {
    488     struct binder_object *obj;
    489 
    490     if (ptr)
    491         obj = bio_alloc_obj(bio);
    492     else
    493         obj = bio_alloc(bio, sizeof(*obj));
    494 
    495     if (!obj)
    496         return;
    497 
    498     obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
    499     obj->type = BINDER_TYPE_HANDLE;
    500     obj->pointer = ptr;
    501     obj->cookie = 0;
    502 }
    503 
    504 void bio_put_string16(struct binder_io *bio, const uint16_t *str)
    505 {
    506     uint32_t len;
    507     uint16_t *ptr;
    508 
    509     if (!str) {
    510         bio_put_uint32(bio, 0xffffffff);
    511         return;
    512     }
    513 
    514     len = 0;
    515     while (str[len]) len++;
    516 
    517     if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) {
    518         bio_put_uint32(bio, 0xffffffff);
    519         return;
    520     }
    521 
    522     bio_put_uint32(bio, len);
    523     len = (len + 1) * sizeof(uint16_t);
    524     ptr = bio_alloc(bio, len);
    525     if (ptr)
    526         memcpy(ptr, str, len);
    527 }
    528 
    529 void bio_put_string16_x(struct binder_io *bio, const char *_str)
    530 {
    531     unsigned char *str = (unsigned char*) _str;
    532     uint32_t len;
    533     uint16_t *ptr;
    534 
    535     if (!str) {
    536         bio_put_uint32(bio, 0xffffffff);
    537         return;
    538     }
    539 
    540     len = strlen(_str);
    541 
    542     if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) {
    543         bio_put_uint32(bio, 0xffffffff);
    544         return;
    545     }
    546 
    547     bio_put_uint32(bio, len);
    548     ptr = bio_alloc(bio, (len + 1) * sizeof(uint16_t));
    549     if (!ptr)
    550         return;
    551 
    552     while (*str)
    553         *ptr++ = *str++;
    554     *ptr++ = 0;
    555 }
    556 
    557 static void *bio_get(struct binder_io *bio, uint32_t size)
    558 {
    559     size = (size + 3) & (~3);
    560 
    561     if (bio->data_avail < size){
    562         bio->data_avail = 0;
    563         bio->flags |= BIO_F_OVERFLOW;
    564         return 0;
    565     }  else {
    566         void *ptr = bio->data;
    567         bio->data += size;
    568         bio->data_avail -= size;
    569         return ptr;
    570     }
    571 }
    572 
    573 uint32_t bio_get_uint32(struct binder_io *bio)
    574 {
    575     uint32_t *ptr = bio_get(bio, sizeof(*ptr));
    576     return ptr ? *ptr : 0;
    577 }
    578 
    579 uint16_t *bio_get_string16(struct binder_io *bio, unsigned *sz)
    580 {
    581     unsigned len;
    582     len = bio_get_uint32(bio);
    583     if (sz)
    584         *sz = len;
    585     return bio_get(bio, (len + 1) * sizeof(uint16_t));
    586 }
    587 
    588 static struct binder_object *_bio_get_obj(struct binder_io *bio)
    589 {
    590     unsigned n;
    591     unsigned off = bio->data - bio->data0;
    592 
    593         /* TODO: be smarter about this? */
    594     for (n = 0; n < bio->offs_avail; n++) {
    595         if (bio->offs[n] == off)
    596             return bio_get(bio, sizeof(struct binder_object));
    597     }
    598 
    599     bio->data_avail = 0;
    600     bio->flags |= BIO_F_OVERFLOW;
    601     return 0;
    602 }
    603 
    604 void *bio_get_ref(struct binder_io *bio)
    605 {
    606     struct binder_object *obj;
    607 
    608     obj = _bio_get_obj(bio);
    609     if (!obj)
    610         return 0;
    611 
    612     if (obj->type == BINDER_TYPE_HANDLE)
    613         return obj->pointer;
    614 
    615     return 0;
    616 }
    617